Remove ssh host keys when using simple init

In order for glean to operate properly and regenerate ssh host keys it needs to start on a host without any ssh host keys. We hadn't been doing this meaning that new host keys were not generated on images using simple-init. Fix this by having simple-init delete any host keys found in /etc/ssh late in the build process. This should force glean/sshd to generate new host keys on first boot depending on the distro. Change-Id: Ic917387d92febf21c2cc37dfc1fa83fcf0c8e469
2016-04-05 17:02:20 -07:00 · 2016-04-05 17:02:20 -07:00 · 677619b1cc
commit 677619b1cc
parent 792036ec62
1 changed files with 18 additions and 0 deletions
--- a/elements/simple-init/cleanup.d/90-remove-ssh-host-keys
+++ b/elements/simple-init/cleanup.d/90-remove-ssh-host-keys
@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+# Cloud images shouldn't have ssh host keys baked
+# in so that they are regenerated on first boot and
+# are unique.
+
+# TODO(greghaynes) This should be a thing we do for all images, not just
+# simple-init.
+
+if [ -d /etc/ssh ] ; then
+    sudo find /etc/ssh -name 'ssh_host*' -type f -delete
+fi